ABSTRACT

An encryption security system for printer client/printer communications that reduces or eliminates the risk of replay attacks. The validity of a secure print job is determined using a public/private key pair. The printer client encrypts print data using the public key of the public/private key pair or, preferably, a session key. If the print job is determined to be valid, the printer decrypts the print data and prints the data. In one preferred version of the invention, the validity of the print job is determined by (1) the printer generating and storing a print session identifier, (2) the printer sending the session identifier to the printer client, (3) the printer client sending the session identifier back to the printer along with the encrypted print data in a manner that ties the session identifier to the print data, and (4) the printer determining if the session identifier received from the printer client has changed from that originally sent to the printer client and if the session identifier received from the printer client is in storage. If the session identifier has not changed and it is in storage, then the printer deletes the session identifier from storage and prints the print data.



12 Claims, 13 Drawing Sheets 
SECURE PRINTING METHOD

FIELD OF THE INVENTION

The invention relates generally to a system for secure printing and, more particularly, to an encryption system for printer/printer client communications that deters the unauthorized printing of encrypted data.

BACKGROUND OF THE INVENTION

A variety of encryption systems have been devised to secure data transmissions between computers. One type of encryption security system often used for private and public network data transmissions uses both public and secret key cryptography. Public key cryptography uses a pair of keys, one private and one public, for encryption. Secret key cryptography, by contrast, uses only one key for encryption. Dual key systems typically use the public/private key pair to authenticate the transaction and then a single secret "session" key to encrypt the main data transmission and any other subsequent communications. The Secure Sockets Layer (SSL) protocol popular with TCP/IP application developers to secure data transmissions over the Internet is one example of a dual key encryption system. The SSL protocol works as follows.

1. The client computer requests a secure connection with a server computer and sends the server its public key.

2. The server generates a random message and sends the message to the client.

3. The client uses its private key to encrypt the random message received from the server and sends it back to the server.

4. The server decrypts the message using the client's public key. If the decrypted message matches the random message generated by the server, the server knows it is communicating with the owner of the public/private key pair (i.e., the client).

5. The server then creates a secret session key, encrypts the session key with the client's public key and sends it to the client.

6. The client decrypts the session key with its private key. The client and the server then use the session key to send and receive further communications.

While encryption security systems are widely known for use with client/server and other computer to computer data transmissions, such systems have not yet been adapted for use to secure communications between a printer client and a printer. Printer client to printer communications present a unique security problem because the confidential data is printed, and often at a printer accessible to numerous users. The security of a confidential print job may be breached if the encrypted print data is copied and then resubmitted to the printer as an authorized print job. The unauthorized copying of encrypted print data for the purpose of simulating an authorized print job is referred to as a "replay attack."

SUMMARY OF THE INVENTION

Accordingly, the present invention is directed to an encryption security system for printer client/printer communications that reduces or eliminates the risk of replay attacks. The validity of a secure print job is determined using a public/private key pair. The printer client encrypts print data using the public key of the public/private key pair or, preferably, a session key. If the print job is determined to be valid, the printer decrypts the print data and prints the data.

In one preferred version of the invention, the validity of the print job is determined by (1) the printer generating and storing a print session identifier, (2) the printer sending the session identifier to the printer client, (3) the printer client sending the session identifier back to the printer along with the encrypted print data in a manner that ties the session identifier to the print data, and (4) the printer determining if the session identifier received from the printer client has changed from that originally sent to the printer client and if the session identifier received from the printer client is in storage. If the session identifier has not changed and it is in storage, then the printer deletes the session identifier from storage and prints the print data.

The "validity" of a print job may be manifested in different ways for different embodiments of the invention and the printer's response to an invalid print job may vary. If the printer actually detects an error, it may refuse the print request and report the error to the user. If the printer does not detect the error but the print job is not valid, it will print garbage. For example, if a session identifier is used as described above, the print job is determined to be not valid if the session identifier is not in storage and the print request is, therefore, refused. If a session identifier is not used, and the bare public/private key encryption is relied on to determine validity, then a print job is deemed not valid if the print data cannot be decrypted with the printer's private key. In that case, the printer will print an error message or garbage in response to the invalid print request.

It is expected that, in most operating environments, the printer client will generate the session key, encrypt the session key using the printer's public key and send the encrypted session key to the printer. The printer decrypts the session key using the printer's private key and then uses the session key to decrypt the print data.

For added security, the invention may also include detecting any change in the print data made after the printer client sends the encrypted print data to the printer. This may be accomplished, for example, by the printer client computing a hash value for the print data. A hash value is a unique identifier for data computed from that data. The printer client encrypts the hash value using the session key and sends the encrypted hash value to the printer. The printer computes a hash value for the decrypted print data it has received. The printer decrypts the hash value from the printer client and compares it to the hash value it has computed for the decrypted print data. If the print data is modified between the printer client and the printer, then the hash value computed by the printer client from the original data will not match the hash value computed by the printer from the modified data, and the printer will not print the data. If the hash values are the same, the printer knows that no changes were made to the print data after it was sent by the printer client, and the printer can then print the data.

DESCRIPTION OF THE DRAWINGS

FIG. 1 is an idealized perspective representation of a computer/printer system implementing the secure printing features of the present invention.

FIG. 2 is a schematic representation of the system of FIG. 1.

FIGS. 3A and 3B are a flow chart showing the sequence of steps for secure printing according to one embodiment of the invention.

FIGS. 4A and 4B are a flow chart showing the sequence of steps for secure printing according to a second embodiment of the invention in which a hash value is computed for the print data.
FIGS. 5A and 5B are a flow chart showing the sequence of steps for secure printing according to another embodiment of the invention in which a hash value is computed for the session key and session identifier.

FIGS. 6A and 6B are a flow chart showing the sequence of steps for secure printing according to another embodiment of the invention in which a hash value is computed for the session identifier, the hash value is encrypted with the session key and sent to the printer.

FIGS. 7A and 7B are a flow chart showing the sequence of steps for secure printing according to another embodiment of the invention in which a hash value is computed for the print data and the session identifier.

FIG. 8 is a block diagram illustrating the session identifier table maintained in the printer.

DETAILED DESCRIPTION OF THE INVENTION

Referring to FIGS. 1-2, the invention is shown implemented on a laser printer 10 and a computer 12. Computer 12 represents generally any printer client capable of sending print jobs to printer 10. The invention is not limited to laser printers. It is equally applicable to other image forming devices including Mopiers®, ink jet printers, impact printers, thermal printers, fax machines and the like. In this particular embodiment of the invention, a personal computer 12 is connected to a printer 10 through a network 14. The basic components of printer 10 and computer 12 are shown schematically in FIG. 2.

The connection between computer 12 and printer 10 may be a direct connection using a parallel or serial cable such as that shown in FIG. 1, a wireless or remote connection via a telecommunication link, an infrared link or a radio frequency link, or any other connector or system that establishes bi-directional communication between printer 10 and computer 12. Although the invention may be used with a print server or other intermediate facilities between computer 12 and printer 10, a direct connection between computer 12 and printer 10 is preferred.

Computer 10 has a document generating application software 16 and associated printer driver 18 in its memory. Printer driver 18 is modified from its conventional form to implement the security steps performed by the printer client as described below. Printer 10 has a print engine 20 connected to a controller/formatter 22 which receives data to be printed from input 24. Input 24 represents generally, for example, a parallel input/output (PIO) port or channel, a serial input/output (SIO) port or channel, an enhanced input/output (EIO) port or channel and remote or wireless couples. Controller 22 includes electronics connecting controller 22 to the inputs, processing electronics, random access memory (RAM) 32, firmware 34 and associated electronics connecting controller 22 to print engine 20. The controlling firmware 34 for the controller 22 typically resides in a read only memory (ROM).

Firmware 34 is modified from its conventional form to implement the security steps performed by the printer as described below. The invention may be implemented in existing printers and Mopiers by substituting a modified firmware/ROM 34 for the existing ROM.

One embodiment of the invented method for secure printing will now be described with reference to the flow chart of FIGS. 3A and 3B. Secure printing is initiated in step 102 when computer 12 requests a secure print session from printer 14. "Print session" refers generally to the entire transaction between computer 12 and printer 10 relating to a particular print job. "Print job" refers to the print data generated by computer 12 and the instructions from computer 12 that accompany the data directing printer 10 to print it. In step 104, printer 14 generates a session identifier and stores session identifier 38a in, for example, a table 40 in RAM 32 or another suitable memory area of printer 10. Table 40 may contain multiple session identifiers 38, as shown in FIG. 8. Each session identifier 38 should be a unique combination of numbers, letters and/or other characters generated or selected by printer 10. "Unique," as used here and in the appended claims, means any combination of numbers, letters and/or other characters that will not be repeated, at least not for an extended period of time. The time period will be sufficiently extended if it is longer than the time a hacker could have continuous access to the printer to generate repeated session identifiers. Each session identifier, for example, might be the cumulative number of pages printed by printer 10 at the time the identifier is generated.

Session identifiers 38 should be stored in a non-volatile memory if delayed printing is desired. One type of delayed printing in which a user may delay printing until a personal identification number (PIN) is entered at the printer control panel is described in the section on Private Printing in U.S. patent application Ser. No. 09/181,177, filed Oct. 26, 1998 and entitled MULTIPLE COPY PRINTER WITH PRINT JOB RETENTION which is incorporated herein by reference in its entirety.

Next, printer 10 sends an encryption public key and session identifier 38a to computer 12 in step 106. A public key is the key in the public/private key pair used in asymmetric cryptography that is given out to computer 12 and other printer clients when secure printing is desired. The other key in the pair, the private key, is kept secret and known only to the printer. Preferably, printer 10 sends its public key as part of an authenticity certificate. The authenticity certificate is a collection of data about the printer that includes its name, the name of the authenticating authority and the authority's signature. If an authenticity certificate is used, computer 12 verifies that the certificate comes from a secure printer, as indicated in step 108. The authenticity certificate, which is common in conventional security systems that use, for example, VeriSign™ certificates, provides an added measure of security that helps prevent printer impersonations.

Once computer 12 verifies the authenticity of the transmission from printer 10 in step 108, computer 12 generates a secret encryption key commonly referred to as a "session" key in step 110. The computer may generate the session key using a predefined key generation algorithm or selecting one from a group of predefined algorithms. Using the printer's public key, computer 12 encrypts the session key and sends the encrypted session key and the session identifier to printer 10 as indicated in steps 112 and 114. The session identifier is sent to printer 10 in a manner that ties the session identifier to the print data. In steps 116 and 118, the print data is encrypted with the session key and sent to printer 10. Any of the various conventional secret key encryption algorithms may be used for encrypting data with the session key including, for example, Data Encryption Standard (DES), RSA's RC4 or the IDEA algorithm. The public/private key and secret session key cryptography used to implement the invention is well known to those skilled in the art and details of these systems may be obtained from a variety of commercially available sources. Bruce Schneier's Applied Cryptography: Protocols, Algorithms, and Source Code in C (2ed 1995), for example, is one of many authoritative sources of information for both public key and secret key cryptography.

In step 120, printer 10 decrypts the session key using its 
private key. In steps 150 and 122, printer 10 determines 
whether the session identifier received from computer 12 has 
been changed from the original session identifier sent in step 
106 and whether the session identifier is in storage (in this 
case table 40). If the session identifier has not changed and 
it is in storage, then printer 10 knows the session identifier 
it sent to computer 12 has not been changed or a false 
identifier submitted by a print imposter and the print job is 
deemed valid. The session identifier is deleted from storage 
and the print data is decrypted using the session key in step 
124. The data is then printed in step 126. If the session 
identifier has been changed or it does not appear in session 
identifier table 40, the print job is deemed not valid as 
indicated in step 128 and it is discarded. The deletion of the 
session identifier from storage deters a "replay attack" in 
which the same print job is copied in transit and sent to 
printer 10 a second time for printing. When the print job 
arrives a second time at printer 10, the session identifier 
(session identifier 38a, for example) will not appear in table 
40 and, therefore, the print job will be deemed not valid. 

For added security, the invention may include detecting 
any change in the print data made after the printer client 
sends the encrypted print data to the printer. This may be 
accomplished, for example, by the printer client computing 
a hash value for the print data as shown in the flow chart of 
FIGS. 4A and 4B. A hash value is a unique identifier for data
computed from that data. It is desirable, therefore, that 
computer 12 compute a hash value for the print data, encrypt 
the hash value using the session key and send the encrypted 
hash value to printer 10 along with the encrypted print data 
as shown in steps 111, 113 and 115 in FIG. 4A. In steps 125, 
127 and 131, printer 10 computes a hash value for the 
decrypted print data, decrypts the hash value from computer 
12, and compares it to the hash value it has computed for the 
decrypted print data as shown in FIG. 4B. If the print data 
is modified between the computer 12 and printer 10, then the 
hash value computed by computer 12 from the original data 
will not match the hash value computed by printer 10 from 
the modified data, and printer 10 will not validate the print 
job as indicated in step 131. If the hash values are the same, 
printer 10 knows that no changes were made to the print data 
after it was sent by computer 12, and the printer can validate 
the print job and print the data. 

The flow charts of FIGS. 5, 6 and 7 illustrate three methods for implementing the steps of tying the session identification to the print data (step 114 in FIG. 3A) and determining if the session identifier has changed (step 150 in FIG. 3B). Additional security is gained through these methods by detecting any change in the session identifier made after the printer client sends the session identifier to the printer. In the first method illustrated in the flow chart of FIGS. 5A and 5B, a hash value is computed for the session identifier and the session key. Referring to FIGS. 5A and 5B, computer 12 computes a hash value for the session key and the session identifier in step 117. In steps 119 and 121, computer 12 encrypts the hash value using the printer's public key and sends it to printer 10 along with the encrypted session key and the session identifier. The hash value prevents an imposter from modifying the session identifier and then resending the print data with the modified session identifier. If a hash value is used, then printer 10 also decrypts the hash value received from computer 12, computes the hash value for the decrypted session key and the session identifier and compares the two hash values, as indicated in steps 133, 135 and 137. If the hash values match, then the session identifier and session key are deemed valid and the print process may continue. If the hash values do not match, the print job is deemed not valid as indicated in step 139 and the print job is discarded.

In the second method illustrated in the flow chart of FIGS. 
6A and 6B, a hash value is computed only for the session 
identifier but this hash value is encrypted with the session 
key and then sent to the printer. Referring to FIGS. 6A and
6B, computer 12 computes a hash value for the session
identifier, encrypts the hash value using the session key and 
sends the encrypted hash value to printer 10 along with the 
session identifier as shown in steps 140, 142 and 144. In 
steps 146, 148 and 150, printer 10 computes a hash value for 
the session identifier it receives, decrypts the hash value 
from computer 12, and compares it to the hash value it has 
computed for the session identifier. If the session identifier 
is modified between the computer 12 and printer 10, then the 
hash value computed by computer 12 from the original data 
will not match the hash value computed by printer 10 from 
the modified data, and printer 10 will not validate the print 
job as indicated in step 152. If the hash values are the same, 
printer 10 knows that no changes were made to the session 
identifier originally submitted to computer 12 for this print 
job, and the printer can validate the print job and print the 
data. 

In a third method illustrated in the flow chart of FIGS. 7A 
and 7B, a hash value is computed for the session identifier 
and the print data. Referring to FIGS. 7A and 7B, computer 
12 computes a hash value for the print data and the session 
identifier in step 190. In steps 119 and 121, computer 12 
encrypts the hash value using the printer's public key and 
sends it to printer 10 along with the encrypted session key 
and the session identifier. Printer 10 decrypts the print data 
and the hash value received from computer 12, computes the 
hash value for the decrypted print data and the session 
identifier and compares the two hash values, as indicated in 
steps 192-196. If the hash values match, then the session
identifier and session key are deemed valid and the print 
process may continue. If the hash values do not match, the 
print job is deemed not valid as indicated in step 139 and the 
print job is discarded. 
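
The printer-side validity check described above (a session identifier issued once, tied to the print data by a hash, and deleted on first use), as an added example that is not part of the patent text. It assumes the session key is already shared (the public-key transport of steps 110-120 is omitted), carries the print data in the clear because only the validity check is shown, and substitutes HMAC-SHA-256 keyed with the session key for the patent's "hash value encrypted with a key"; `Printer`, `issue_session_id`, `build_job`, `job_tag` and `submit` are hypothetical names.

```python
import hashlib
import hmac
import secrets


def job_tag(session_key: bytes, session_id: bytes, print_data: bytes) -> bytes:
    """Keyed hash over (session identifier, print data).

    Assumption: HMAC-SHA-256 stands in for the patent's encrypted hash value.
    The identifier is length-prefixed so the boundary between identifier and
    data cannot be shifted without changing the tag.
    """
    message = len(session_id).to_bytes(4, "big") + session_id + print_data
    return hmac.new(session_key, message, hashlib.sha256).digest()


def build_job(session_key: bytes, session_id: bytes, print_data: bytes) -> dict:
    """Printer client: send the identifier back with the data, tied by the tag."""
    return {
        "session_id": session_id,
        "print_data": print_data,
        "tag": job_tag(session_key, session_id, print_data),
    }


class Printer:
    """Printer-side state; the set plays the role of session identifier table 40."""

    def __init__(self, session_key: bytes):
        # Assumption: key already delivered under the printer's public key.
        self._session_key = session_key
        self._table = set()
        self.printed = []

    def issue_session_id(self) -> bytes:
        # Assumption: a random 128-bit value rather than the page-count
        # identifier the text mentions; either must not repeat.
        session_id = secrets.token_bytes(16)
        self._table.add(session_id)
        return session_id

    def submit(self, job: dict) -> str:
        expected = job_tag(self._session_key, job["session_id"], job["print_data"])
        # "Has the identifier (or the data) changed?" Constant-time comparison.
        if not hmac.compare_digest(expected, job["tag"]):
            return "rejected: hash mismatch"
        # "Is the identifier still in storage?"
        if job["session_id"] not in self._table:
            return "rejected: session identifier not in storage"
        # Delete before printing so the same job cannot be accepted twice.
        self._table.remove(job["session_id"])
        self.printed.append(job["print_data"])
        return "printed"


def run_demo() -> list:
    key = secrets.token_bytes(32)
    printer = Printer(key)
    session_id = printer.issue_session_id()
    job = build_job(key, session_id, b"CONFIDENTIAL page 1")  # constructed sample
    results = [printer.submit(job)]            # original job
    results.append(printer.submit(job))        # identical copy resubmitted
    fresh = printer.issue_session_id()
    results.append(printer.submit(dict(job, session_id=fresh)))       # identifier swapped
    results.append(printer.submit(dict(job, print_data=b"altered")))  # data changed
    return results


if __name__ == "__main__":
    for outcome in run_demo():
        print(outcome)
```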

While the present invention has been shown and 
described with reference to the foregoing exemplary 
embodiments, it is to be understood that other forms and 
details may be made thereto without departing from the 
spirit and scope of the invention as expressed in the following
claims.

What is claimed is: 

1. A method for secure printing between a printer client 
and a printer, comprising: 

the printer generating and storing a session identifier; 
the printer sending the session identifier to the printer 
client; 

the printer client encrypting print data; 
the printer client sending the encrypted print data to the 
printer; 

the printer client computing a first hash value for the print 
data and the session identifier and the printer client 
encrypting the first hash value and sending the 
encrypted first hash value to the printer; 

the printer decrypting the encrypted print data; 

the printer computing a second hash value for the decrypted print data and session identifier, the printer decrypting the first hash value, and the printer comparing the first hash value to the second hash value; and

if the first and second hash values match and if the session identifier is in storage, the printer deleting the session identifier from storage and printing the data.

2. A method for secure printing between a printer client 
and a printer, comprising: 

the printer client computing a first hash value for the print data;

the printer client encrypting the print data and sending the encrypted print data to the printer;

the printer client encrypting the first hash value and sending the encrypted first hash value to the printer;

the printer decrypting the encrypted print data;

the printer computing a second hash value for the decrypted print data;

the printer decrypting the first hash value;

the printer comparing the first hash value to the second hash value; and

if the hash values match, printing the print data.

3. The method of claim 2, wherein the step of encrypting 
the first hash value comprises encrypting the first hash value 
using a session key and the step of decrypting the first hash
value comprises decrypting the first hash value using the 
session key. 

4. The method of claim 2, wherein the step of encrypting 
the first hash value comprises encrypting the first hash value 
using a public key in a public/private encryption key pair
and the step of decrypting the first hash value comprises 
decrypting the first hash value using the printer's private 
key. 

5. A method for secure printing between a printer client 
and a printer, comprising:

the printer generating a session identifier;

the printer sending the session identifier to the printer client;

the printer client encrypting data to be printed and sending the encrypted print data to the printer;

the printer client computing a first hash value for the print data and the session identifier and the printer client encrypting the first hash value and sending the encrypted first hash value to the printer;

the printer decrypting the print data;

the printer computing a second hash value for the decrypted print data and session identifier,

the printer decrypting the first hash value;

the printer comparing the first hash value to the second hash value; and

if the first and second hash values are the same, the printer printing the print data.

6. A method for secure printing between a printer client 
and a printer, comprising:

initiating a secure print job with a public/private encryption key pair

the printer generating and storing a session identifier;

the printer sending the public key and the session identifier to the printer client;

the printer client generating a session key;

the printer client encrypting the session key using the printer's public key and sending the encrypted session key to the printer;

the printer client computing a first hash value for the print data;

the printer client encrypting the first hash value and sending the encrypted first hash value to the printer;

the printer client encrypting data to be printed using the session key and sending the encrypted print data to the printer;

the printer client sending the session identifier to the printer in a manner that ties the session identifier to the print data;

the printer decrypting the session key using its private key;

the printer decrypting the print data using the session key;

the printer determining if the session identifier has changed;

the printer determining if the session identifier is in storage;

the printer computing a second hash value for the decrypted print data;

the printer decrypting the first hash value;

the printer comparing the first hash value to the second hash value; and

if the hash values match and if the session identifier has not changed and the session identifier is in storage, the printer deleting the session identifier from storage and printing the print data.

7. A computer readable medium having instructions 
thereon for: 

the printer generating and storing a session identifier; 
the printer sending the session identifier to the printer 
client; 

the printer client computing a first hash value for the print 
data and the session identifier and the printer client 
encrypting the first hash value and sending the 
encrypted first hash value to the printer; 

the printer client encrypting print data; 

the printer client sending the encrypted print data to the 
printer; 

the printer decrypting the encrypted print data; 

the printer computing a second hash value for the decrypted print data and session identifier, the printer decrypting the first hash value, and the printer comparing the first hash value to the second hash value; and

if the first and second hash values match and if the session 
identifier is in storage, the printer deleting the session 
identifier from storage and printing the data. 

8. A computer readable medium having instructions 
thereon for 

the printer client computing a first hash value for print data;

the printer client encrypting the print data and sending the encrypted print data to the printer;

the printer client encrypting the first hash value and sending the encrypted first hash value to the printer;

the printer decrypting the encrypted print data;

the printer computing a second hash value for the decrypted print data;

the printer decrypting the first hash value;

the printer comparing the first hash value to the second hash value; and

if the hash values match, printing the print data.

9. The medium of claim 8, wherein encrypting the first 
hash value comprises encrypting the first hash value using 
the session key and encrypting the first hash value comprises 
decrypting the first hash value using the session key. 
10. The medium of claim 8, wherein encrypting the first
hash value comprises encrypting the first hash value using a 
public key in a public key/private key pair and the step of 
decrypting the first hash value comprises decrypting the first 
hash value using the printer's private key. 

11. A computer readable medium having instructions 
thereon for: 

the printer generating a session identifier; 
the printer sending the session identifier to the printer 
client; 

the printer client encrypting data to be printed and sending the encrypted print data to the printer;

the printer client computing a first hash value for the print data and the session identifier and the printer client encrypting the first hash value and sending the encrypted first hash value to the printer;

the printer decrypting the print data;

the printer computing a second hash value for the decrypted print data and session identifier,

the printer decrypting the first hash value;

the printer comparing the first hash value to the second hash value; and

if the first and second hash values are the same, the printer printing the print data.

12. A computer readable medium having instructions 
thereon for: 

initiating a secure print job with a public/private encryption key pair

the printer generating and storing a session identifier;

the printer sending the public key and the session identifier to the printer client;

the printer client generating a session key;

the printer client encrypting the session key using the printer's public key and sending the encrypted session key to the printer;

the printer client computing a first hash value for the print data;

the printer client encrypting the first hash value and sending the encrypted first hash value to the printer;

the printer client encrypting data to be printed using the session key and sending the encrypted print data to the printer;

the printer client sending the session identifier to the printer in a manner that ties the session identifier to the print data;

the printer decrypting the session key using its private key;

the printer decrypting the print data using the session key;

the printer determining if the session identifier has changed;

the printer determining if the session identifier is in storage;

the printer computing a second hash value for the decrypted print data;

the printer decrypting the first hash value;

the printer comparing the first hash value to the second hash value; and

if the hash values match and if the session identifier has not changed and the session identifier is in storage, the printer deleting the session identifier from storage and printing the print data.